CVE-2026-25069
CRITICAL
SunFounder Pironman Dashboard <1.3.13 - Path Traversal
Title source: llm
Description
SunFounder Pironman Dashboard (pm_dashboard) versions 1.3.13 and prior contain a path traversal vulnerability in the log file API endpoints. An unauthenticated remote attacker can supply traversal sequences via the filename parameter to read and delete arbitrary files. Successful exploitation can disclose sensitive information and delete critical system files, resulting in data loss and potential system compromise or denial of service.
References (5)
Core References
Various Sources product
https://github.com/sunfounder/pm_dashboard
Various Sources issue-tracking
https://github.com/sunfounder/pm_dashboard/blob/main/pm_dashboard/pm_dashboard.py#L62
Various Sources issue-tracking
https://github.com/sunfounder/pm_dashboard/blob/main/pm_dashboard/pm_dashboard.py#L440
Third Party Advisory third-party-advisory
https://www.vulncheck.com/advisories/sunfounder-pironman-dashboard-path-traversal-arbitrary-file-read-deletion
Various Sources technical-description, exploit
https://gist.github.com/chapochapo/5db8702ede862af5c59a28b5d5a0aba3
Scores
CVSS v4: 9.3
CVSS v4 vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.0028
EPSS Percentile: 51.0%
CISA SSVC (Vulnrichment)
Exploitation: poc
Automatable: yes
Technical Impact: total
Details
CWE: CWE-22
Status: published
Products (1): SunFounder/Pironman Dashboard (pm_dashboard) < 1.3.13
Published: Feb 01, 2026
Tracked Since: Feb 18, 2026